Ethernet-Based and Function-Independent Vehicle Control-Platform: Motivation, Idea and Technical Concept Fulfilling Quantitative Safety-Requirements from ISO 26262
This paper presents the outline of a new system architecture for future electric vehicles. It is designed to simplify the development of advanced assistance functionality (e.g. ADAS) and is based on highly integrated smart actuators. A platform approach is chosen to meet the functional as well as non-functional requirements outlined in this paper. A logically centralized platform computer is used as a cross-domain runtime environment. All sensors and actuators are accessible from this platform computer. A middleware encapsulates the communication with physical hardware and provides mechanisms for functional safety and security. These mechanisms are fully transparent to vehicle control functions and mask platform failures up to ASIL-D functions. Moreover, platform mechanisms even allow for fail-operational behaviour of these functions and support them in a mixed-criticality environment. A key characteristic is “plug-and-play” capability (PnP) for software and hardware, which is supported by the OS and middleware even for safety-critical functions. This paper focuses on selected communication mechanisms based on standard Ethernet hardware. Safety assessments are only rudimentary and are included for the sake of completeness.
Keywords: Ethernet, duo-duplex, vehicle control platform, out of context, integrity, reliability, fail operational, plug-and-play